Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-213435 | WNDF-AV-000011 | SV-213435r823042_rule | Medium |
| Description |
|---|
| This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0x0) Always prompt (0x1) Send safe samples automatically (0x2) Never send (0x3) Send all samples automatically |
| STIG | Date |
|---|---|
| Microsoft Defender Antivirus Security Technical Implementation Guide | 2022-04-08 |
Details
| Check Text ( C-14660r820152_chk ) |
|---|
| This is applicable to unclassified systems. For other systems this is NA. Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" is set to "Enabled" and "Send safe samples" is selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Spynet Criteria: If the value "SubmitSamplesConsent" is REG_DWORD = 1, this is not a finding. |
| Fix Text (F-14658r823041_fix) |
|---|
| This is applicable to unclassified systems. For other systems this is NA. Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" to "Enabled" and select "Send safe samples" from the drop-down box. |